Site d.owner seeks a little advice


fred.jones
08-16-06, 05:21 PM
Hi all,

I have a site that has been hacked twice in the last few days.

My web host says they have no responsibility at all and that it is entirely my responsibility to ensure security of the site.

I thought I would seek the advice of other professionals and just see if that is true - I don't know anything about how hackers do what they do - are they entering through an unlocked door the host has left open OR am I the bunny who left the door wide open?

I suspect there IS a problem with my site vulnerability (it is based on Saipen but the original developer has left us without support so I have to deal with this) but is there possibly ALSO something the host can/should be doing or is it not right to say this?

I thought that perhaps the host might at least be able to look at log files and perhaps see HOW they go in, what the vulnerability is etc and this would at least give me a hint to pass on to whoever I find to fix the problem.

Any advice appreciated - please excuse if I have posted in the wrong spot.

I have a totally open mind and just want to do the right thing and learn - so all advice appreciated.

Fred J.

scripterkiller
08-16-06, 10:33 PM
It is true... You are responsible for your scripts and the configuration of your site. Most of the time they (hackers / scripters) will do a brute force attack because apparently (I just found out recently), on a unix box it shows very easily, all the master account names for the sites.

So unless you named your master site account something cryptic... it will be only a matter of time before they figure out your password. Unless you change it every few days and make sure it is very strong and non dictionary.
And set your master account like this in the second example:

Example:
Your site is mydomain.com
and your root dir is usr/mydomain/public_html
That will tell them they need to go to mydomain.com/cpanel and your username is mydomain

So you should make it like this
root dir is usr/0o9i_hbec/public_html
That way, they may have the user name but now they don't know which domain name on the server it pertains to. So now they have to guess the domain and the password to try and brute force the login.

Most providers will have some lockout on the firewall where it detects so many wrong login attempts from an IP address and will block that IP for X amount of time, and some don't because it can lock out valid users accidentally and they don't want to deal with users contacting them to unblock them.

In addition, you need to monitor your site for the ones who don't let you know they are there. I have seen one server where the hacker didn't do anything other than set up an ftp server and had a ton of French bootleg DVDs on the server. The admin hadn't checked the server for a few months because the site was working fine, so he didn't notice the extra files and dirs until he logged in to make a site change.

If you have cpanel you can see the logs yourself. If you don't, they should allow you to have the logs.

It also sounds like you aren't 100% sure what you are doing on the server, so you should have someone who knows what they are doing check it out, or find or pay a webhosting company that can do this for you until you are confident in running the site. Unix is a daunting OS because there are so many different flavors and versions with so many exploits and hacks, it makes it hard to be a true master of them all. Whereas with a windows box there is only "one" version to have to master and only a couple of webservers. So I would find someone to help you out.

As far as your hacker problem, if you want, contact me offline at kiddiescripterkiller at lycos.com and we can figure out a plan to get them to stop. Save and download to your computer any files they have uploaded to your site.

I have a lot of hackers Pi**ed off at me already... so they have been doing random DOS attacks on my mail server, so you might not be able to email me at the address below.


Killerz
Killerz at TheHackerFighters.com
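The reply above says two useful things a site owner can act on: repeated wrong logins from one IP are the signature of a password-guessing run, and the logs (from cPanel or from the host) are where you see it. The following is an added example written for this thread, not code from any poster or from cPanel; it runs the "too many failures from one IP inside a time window" check over a few constructed log lines. The line layout (`date time client_ip username FAIL|OK`) is an assumption chosen for readability; real FTP or control-panel logs have their own formats, so `LINE_RE` is the part you adapt.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines (not taken from the thread) in an assumed
# "date time client_ip username FAIL|OK" layout. One malformed line is
# included so the parser's skip path is exercised.
SAMPLE_LOG = """\
2006-08-16 15:00:00 192.0.2.9 mydomain FAIL
2006-08-16 15:40:00 192.0.2.9 mydomain FAIL
2006-08-16 16:20:00 192.0.2.9 mydomain FAIL
2006-08-16 17:01:05 203.0.113.7 mydomain FAIL
2006-08-16 17:01:09 203.0.113.7 mydomain FAIL
2006-08-16 17:01:12 203.0.113.7 admin FAIL
2006-08-16 17:01:15 203.0.113.7 mydomain FAIL
2006-08-16 17:01:20 203.0.113.7 root FAIL
2006-08-16 17:01:23 203.0.113.7 mydomain OK
2006-08-16 17:05:00 198.51.100.22 mydomain FAIL
2006-08-16 17:05:30 198.51.100.22 mydomain OK
this line is not a login record and is skipped
"""

# Assumed log layout; adapt this pattern to the real log you are reading.
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) (\S+) (FAIL|OK)$")


def parse_line(line):
    """Return (timestamp, ip, username, result) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    return ts, m.group(2), m.group(3), m.group(4)


def find_bruteforce(log_text, threshold=5, window_seconds=600):
    """Flag client IPs with at least `threshold` failed logins inside any
    sliding window of `window_seconds`.

    Lines are assumed to be in chronological order, as log files normally are.
    Returns {ip: {"first_seen", "failures", "usernames", "success_after_flag"}}.
    """
    recent = defaultdict(deque)       # ip -> failure timestamps still inside the window
    total_failures = defaultdict(int)
    usernames = defaultdict(set)
    flagged = {}

    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, ip, user, result = rec

        if result == "OK":
            # A success after a flagged run is the strongest sign a guess worked.
            if ip in flagged:
                flagged[ip]["success_after_flag"] = True
            continue

        total_failures[ip] += 1
        usernames[ip].add(user)
        q = recent[ip]
        q.append(ts)
        # Drop failures older than the window so the count is per window, not per file.
        while q and (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()

        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = {
                "first_seen": q[0],
                "failures": 0,          # filled in after the pass so it covers the whole file
                "usernames": None,
                "success_after_flag": False,
            }

    for ip, info in flagged.items():
        info["failures"] = total_failures[ip]
        info["usernames"] = sorted(usernames[ip])
    return flagged


def report(flagged):
    """One human-readable line per flagged IP."""
    lines = []
    for ip, info in sorted(flagged.items()):
        lines.append(
            f"{ip}: {info['failures']} failures since {info['first_seen']:%H:%M:%S}, "
            f"tried {', '.join(info['usernames'])}"
            + (" -- LOGIN SUCCEEDED AFTERWARDS" if info["success_after_flag"] else "")
        )
    return lines


if __name__ == "__main__":
    for line in report(find_bruteforce(SAMPLE_LOG)):
        print(line)
```

With the defaults only 203.0.113.7 is flagged: five failures in fifteen seconds across three usernames, followed by a successful login, which is the case that should trigger an immediate password change. The three spread-out failures from 192.0.2.9 stay below the window threshold and the single typo from 198.51.100.22 is ignored, which is the balance the reply describes between catching guessing runs and not locking out real users. Widening the window (for example `threshold=3, window_seconds=7200`) catches the slow attempts too at the cost of more false positives.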

gvsales
10-22-06, 05:19 PM
I suggest having your host reinstall the server for you. Reupload the site, change all passwords, and make sure you install all updates. It is good to change the ftp port, as well as put a firewall on your server.